Topic review

Re: Does winscp include the connecting username with its log reports?

WinSCP does not send any log reports to the server. It's the server that generates the logs. And of course the server knows the username that WinSCP uses to login to the server.

Your question has actually nothing to do with WinSCP.

Ray

Does winscp include the connecting username with its log reports?

2017-05-03 23:44

Hi everyone,
I'm setting up a new Centos 7 server, which uses rsyslog/journal to collect and manage server logs, and am currently setting up its sftp system logging. I find I am a bit stuck trying to figure out how to readily differentiate between different users connecting to our sftp server, but other than a random pid assigned to each session, nothing in the logs is showing which username is associated with the resulting log entries.

A current sample of log entries:

May 3 10:13:19 lti internal-sftp[2719]:rename old "/home/testuser/folder/testfile" new "/home/testuser/folder/Testfile"
May 3 10:14:03 lti internal-sftp[2719]:rename old "/home/testuser2/folder/testfile" new "/home/testuser2/folder/Testfile"

Example of desired result:

May 3 10:13:19 lti testuser internal-sftp[2719]:rename old "/home/testuser/folder/testfile" new "/home/testuser/folder/Testfile"
May 3 10:14:03 lti testuser2 internal-sftp[2719]:rename old "/home/testuser2/folder/testfile" new "/home/testuser2/folder/Testfile"

rsyslog does not appear to be receiving any kind of 'username' log property from WinSCP that I could instruct rsyslog to include in the relevant log file, even when looking at the 'raw' view of what's coming through the system's log socket.

Is this by design, or can anyone shed any light on how to pull this additional 'username' info from the client to the server's log socket?